Malware

Zorenium bot set to terrorise iOS devices

iOS devices have a low malware infection rate and are sometimes regarded as untouchable, because malware writers focus their attention on Android platforms. However, a new strain of bot known as “Zorenium” boasts the ability to infect different platforms in a stealth-like manner.

The powerful bot, available for purchase on the black market for as little as two thousand pounds, can work on multiple platforms including Linux and Windows – and recent reports suggest that iOS is not safe either. Released in recent months, Zorenium has advanced features, according to security researchers. The bot can extract banking information, use the device for DDoS attacks, take screen grabs and even mine for bitcoins.

The bot has been on sale on the black market for a few months now, and security researchers are only just turning their attention to it. It is growing in usage and is sold for a relatively minor amount of money compared with the damage it can do, say top security researchers. The recent March update of the bot adds the ability to infect iOS, including the latest version, iOS 7. The Zorenium malware is a relative of the infamous Betabot, a bot that the FBI released a warning about in the fall of 2013.

Users infected by Betabot are presented with a dialogue box disguised as a Windows message box. If it is accepted, the malware is able to extract data from the infected machine.

Betabot is used to target a plethora of different online businesses such as e-commerce sites and online payment sites. The bot works by blocking system access to security applications and opening the system up to malicious software. It has been configured to open a dialogue box on the screen that looks like a legitimate Windows message box, stating that the system requires the user's permission for Windows Command Processor to make changes to the computer. If the user accepts the dialogue box, the malware's privileges are increased and it is able to extract data from the system and gain access to user data. Infection paths also include removable media and Skype – where users are redirected to a malicious site.

With Betabot and its more powerful relative Zorenium on the loose, people need to be wary of what they choose to accept or download. iOS users are not used to having to bear security in mind. However, with this bot capable of spreading across platforms in a stealth-like manner, users need to be especially wary. iOS devices have been known for years for avoiding malware propagation, thanks to in-built security features and the installation model adopted by Apple. Although a small number of code-execution vulnerabilities were discovered in earlier versions of iOS, Apple patched them. With this new strain of bot, however, Apple may need to look more closely at iOS.